The Hacker News — Cyber Security, Hacking, Technology News

The man accused of being "a senior advisor" and mentor of Ross Ulbricht, the convicted operator of the illegal drug marketplace Silk Road, has been arrested in Thailand and charged with conspiring to traffic drugs and money laundering.

The US Department of Justice (DoJ) announced on Friday that Roger Thomas Clark, 54, is accused of being "Variety Jones," who was a close confidante of Ulbricht's who:

Clark was arrested Thursday in Thailand and is now awaiting extradition to face United States charges of:

Narcotics Trafficking Conspiracy – carries a maximum sentence of life in prison.

Money Laundering Conspiracy – carries a maximum sentence of 20 years in prison.

Life in Prison

If convicted, Clark faces at least 10 years and as long as life in prison, according to a statement from Manhattan U.S. Attorney Preet Bharara.

According to the press release, Clark used the online aliases of Variety Jones, Cimon, and Plural of Mongoose, and was paid "hundreds of thousands of dollars" for his work on Silk Road.

"[Clark] was the biggest and strongest willed character I had met through the site thus far," Ross Ulbricht wrote in a 2011 journal entry. "He quickly proved to me that he had value by pointing out a major security hole in the site I was unaware of."

Prosecutors also cited an online conversation in which Clark and Ulbricht discussed a plan to "track down" a certain Silk Road employee to ensure that he hadn't gone "off the rails." Clark reportedly commented: "Dude, we're criminal drug dealers – what line shouldn't we cross?"

"The arrest of Roger Thomas Clark shows again that conducting criminal activities on the Dark Web does not keep a criminal out of law enforcement’s reach," said Diego Rodriguez, FBI assistant director.

"Clark may have thought residing in Thailand would keep him out of reach of U.S authorities, but our international partnerships have proven him wrong. We thank our law enforcement partners who have worked with the FBI on this case."

You can see the full press release for the Clark case – U.S. v. Clark, 15-mj-01335, U.S. District Court, Southern District of New York (Manhattan) – here.

New research shows that scripting languages, in general, give rise to more security vulnerabilities in web applications, raising concerns over potential security bugs in millions of websites.

The app security firm Veracode has released its State of Software Security: Focus on Application Development report (PDF), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015.

Researchers found that PHP – and less popular Web development languages Classic ASP and ColdFusion – are the riskiest programming languages for the Internet, while Java and .NET are the safest.

Here's the Top 10 List:

The Veracode research report used a unique metric, Flaw Density per MB, which means the number of security bugs in each MB of source code.

Here's the list of unlucky winners:

Classic ASP – 1,686 flaws/MB (1,112 critical)

ColdFusion – 262 flaws/MB (227 critical)

PHP – 184 flaws/MB (47 critical)

Java – 51 flaws/MB (5.2 critical)

.NET – 32 flaws/MB (9.7 critical)

C++ – 26 flaws/MB (8.8 critical)

iOS – 23 flaws/MB (0.9 critical)

Android – 11 flaws/MB (0.4 critical)

JavaScript – 8 flaws/MB (0.09 critical)

Web Apps in PHP are Most Vulnerable, Here's Why:

PHP, which ranks third, is effectively leading the ranking because ColdFusion is a high-end niche tool and Classic ASP is almost dead.

Taking a closer look at PHP:

86% of applications written in PHP contained at least one cross-site scripting (XSS) vulnerability.

56% of apps included SQLi (SQL injection), which is among the dangerous and easy-to-exploit web application vulnerabilities.

67% of apps allowed for directory traversal.

61% of apps allowed for code injection.

58% of apps had problems with credentials management.

73% of apps contained cryptographic issues.

50% allowed for information leakage.

Of the above issues, SQLi and XSS are among the Open Web Application Security Project's (OWASP) Top 10 most critical web application security risks.

SQL injection bugs – which allow hackers to directly interact with a Web site's database – are the ones that have been blamed for the massive data breaches at kiddie toymaker VTech and telecom firm TalkTalk.

According to the report, the risk size of the above vulnerabilities can be measured by the volume of PHP apps developed for the Top 3 CMS (Content Management Systems) – WordPress, Drupal and Joomla – that represent over 70% of the CMS market.

Choose Your Scripting Language Wisely

Less than a quarter of Java applications contain SQL injection flaws, compared to more than three-quarters of those applications written in PHP.

"When organizations are starting new development projects and selecting languages and methodologies, the security team has an opportunity to anticipate the types of vulnerabilities that are likely to arise and how best to test for them," Veracode's CTO Chris Wysopal advised.

Bluestacks, the first app player for running Android apps on Windows, has launched the latest version of its Android emulator platform with one major upgrade:

The Ability to Run Multiple Android apps Simultaneously.

BlueStacks 2 Released

BlueStacks could previously run only a single app at a time. However, with the launch of BlueStacks 2, the app adds a tabbed interface that allows you to jump between multiple Android apps in the same window.

This is handy for running gaming and messaging apps, or news and messaging apps, at the same time.

The update also adds a toolbar that allows you to quickly tell the Android emulator to simulate rotating the device screen or to perform other functions, such as copying and pasting.

In BlueStacks 2, players now have options to marry gameplay and app discovery, meaning when they click an advertisement, a new tab will appear so that the players can continue playing their games without being interrupted.

How to Run Multiple Android apps Using BlueStacks 2

BlueStacks 2 is currently available only on Windows, but will soon debut on Macs in July.

Follow these simple steps to get going:

Step 1: To use and run multiple Android apps simultaneously, you need to first Download BlueStacks 2, which is free.

Step 2: Install BlueStacks 2 software on your Windows computer.

Step 3: Once installed, you will land on the Welcome tab. Just move to the 'Android' tab.

Step 4: The software will ask you for a one-time Google Account setup, just as an Android device does.

Step 5: Log in with your Google account to complete the setup, and you are ready!

Step 6: From the 'Android' tab, select the multiple apps you want to run in parallel. BlueStacks 2 will open each app in a new tab within the software interface.

New Milestone Achieved

With the seventh-largest Android user base in the world, Bluestacks has crossed more than 109 Million app downloads, engaging more than 1.1 Billion Android apps every month.

"When we started, mobile apps, with their crisp resolution looked and sounded gorgeous on PC and TV," said Shashi Kant Sharma, Product Manager at BlueStacks.

"What we’ve learned is that the wider visual space lends itself more naturally to app discovery. Once someone discovers apps on PC or TV, they tend to use them across all of their devices, giving the BlueStacks platform powerful reach for developers."

Next in the queue, Kazakhstan is also planning to spy on the encrypted Internet traffic of its citizens, but in the most shameless way.

Unlike other spying nations that are themselves capable of spying on their citizens, Kazakhstan will force every internet user in the country to install bogus security certs on their PCs and mobile devices, allowing the 'Dictator' Government to:

Country-Wide "Superfish" Campaign

"The National Security Certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources," read the notice published by Kazakhtelecom at the beginning of this week.

This simply means:

The Government's shameless 'National Security certificate' program – most likely a root CA cert similar to those found in Lenovo's Superfish and Dell's Superfish 2.0 scandals – will target users' access to encrypted services that rely on Internet traffic being routed outside of Kazakhstan.

However, traffic between servers located in Kazakhstan won't be affected.

The surveillance will begin on January 1, less than a month from now.

You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the World's worst Exploit Kit – Angler, which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease.

Many poorly-secured websites are targeting Windows users with a new "Cocktail" of malware that steals users' passwords before locking them out from their machines for ransom.

Yes, stealing Windows users' passwords before encrypting their data and locking their PCs for ransom makes this upgrade to the Angler Exploit Kit nastier.

Here's How the New Threat Works:

Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, on a visitor's computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security.

The First Payload infects the victim's PC with a widely used data thief known as Pony that systematically harvests all login usernames and passwords stored on the infected system and then sends them to servers controlled by hackers.

This allows attackers to obtain working logins for a number of websites, e-commerce sites, and even corporate applications, from which the hackers could steal more data.

The Second Payload drops the widely-used CryptoWall 4.0 Ransomware that locks user files until a ransom amount is paid.

The campaign is "extensive" and originates from a secure hosting environment located in Ukraine, the researchers say. Over 100 web pages in Denmark have been "injected with the malicious scripts, but the campaign is not limited to Europe."

Rise in Ransomware Threat

Ransomware attacks hit thousands of Internet users every week, and cost them a total of $18 Million in losses, according to the FBI.

Moreover, a report from last month suggested that the Cryptowall family alone has managed to raise over $325 Million in revenue in the past year.

A few days back, we also saw Cryptowall 4.0 – the newest version of the world's worst Ransomware – surfacing in the Nuclear exploit kit, one of the most potent exploit kits available in the market for hacking into computers.